Cumulus Linux and Ansible — now easier than ever

Back in November, Cumulus Networks unveiled NCLU, an interactive command-line interface for configuring switches running Cumulus Linux. NCLU was made to help networking experts drive Linux without having to learn its intricacies and quirks, and so far, it has been very successful. Network engineers are comfortable configuring devices interactively, so NCLU helps abstract the file-based nature of Linux to smooth out the learning curve.

Since I started working at Cumulus Networks over two years ago, I’ve noticed that most of our customers who are working with us for the first time fall neatly into two categories. The majority of our users are experienced network engineers with very little Linux knowledge, whereas a minority are Linux server power-users who may only know the basics of networking. Most of my colleagues at Cumulus are networking industry veterans who started off in the first category, while I fell into the latter. I’ve always been an automation-first developer who applies web-scale principles to everything I do, meaning that from the first day I started configuring Cumulus Linux, I was doing so with tools like Ansible. With the release of Ansible 2.3, I’m happy to report that Ansible now supports NCLU out of the box.

The old days in Cumulus Linux and Ansible configuration

Since the beginning of Cumulus Linux, the go-to way to use Ansible configuration has been through the use of Jinja templates. Since Cumulus Linux is just Linux, templates worked natively, allowing us to leverage Ansible since day one. Templates allow an operator to write a configuration file with “fill-in-the-blanks” for variables in the automation playbook.

When this template is executed, the IP address of swp1 will be automatically pulled from the ansible variables file and then deployed on the device. In most deployments, there are very few differences between configuration files, such as MAC and IP addresses. This means that the same template can be deployed on many devices, leaving the differences up to the variables file.

While templates are very powerful, their greatest limitation is that they can only be specified in a single playbook. Each time a template is applied, it completely overwrites the old one. This means that every possible feature needs to be accounted for in the same template, making them hard to read, write, and maintain.

Nowadays in Cumulus Linux and Ansible configuration

Starting with Ansible 2.3, instead of writing templates for Quagga and ifupdown2, you can now write tasks using the NCLU module.

The advantages of using NCLU instead of templates

First of all, it is possible to put NCLU tasks in multiple playbooks without having them conflict with one another. For example, you can have one playbook for configuring your in-band BGP fabric, and another playbook for deploying the out-of-band bridge, making your playbooks more modular and maintainable.

Secondly, instead of having to learn the underlying Quagga or ifupdown2 syntax, you can use NCLU’s user-friendly syntax, along with all of its error detection and guard rails. If you make a typo in a configuration file, you won’t notice it until you try to reload the file — potentially causing a service interruption. NCLU will catch typos and other dangerous configuration mistakes before they are applied, giving you a chance to fix them before the configuration is committed.

2 Comments

[…] In this part we’ll review usage of Cumulus-specific CLU module from Ansbile. Actually, Cumulus has several modules in Ansible , and some of them could be even easier to use, if we need solve specific tasks. But for networking guys and for people, who aren’t afraid to get hands dirty and create real automation, I’d recommend to go for NCLU module. What it does, it allows you to enter just NCLU commands in a sequence as you do into the Cumulus Linux CLI and that’s it. For sure, all advantages of Jinja2 templates are also relevant here. To be honest, Cumulus encourages to use this module. […]

[…] With the release of Ansible 2.3 the Cumulus Linux NCLU module is now part of Ansible core. This means when you `apt-get install ansible`, you get the NCLU module pre-installed! This blog post will focus on using the NCLU module to backup and restore configs on Cumulus Linux. To read more about the NCLU module from its creator, Barry Peddycord, click here. […]